Health Information Compliance Alert

Published on Fri May 01, 2009 PDF

Require vendors to meet future regulations and accept liability for their mistakes.

The electronic health record is certainly a boost but the relatively small disbursements over five years means you can't afford to not spend wisely. Make sure you're getting the best deal from prospective vendors with this expert insight:

No doubt you are prepared to meet the new federal requirements for EHR -- neglecting to do so only means future penalties are in store. The question is whether the vendors that interest you value compliance as much as you do. Use these questions to assess vendors' suitability:

• Are you currently certified? Ask vendors whether they are currently certified by the Certification Commission for Healthcare Information Technology (CCHIT). "I can't tell you how many times I look at a contract and the vendor is not CCHIT certified," related Steven J. Fox, Esq., partner at Post & Schell in Washington, D.C., during a recent Fierce Live webinar.

While there is no requirement that a provider must deal only with CCHIT-certified vendors, you must limited dealings to certified vendors to benefit from the stimulus incentives, Fox tells Eli. "Unfortunately, there are some unscrupulous vendors out there" as well as providers who are not aware of the details of the American Reinvestment and Recovery Act, Stark and Anti-Kickback requirements,which all require you to use certified products, he says. Bottom line: Don't accept a vendor's excuses about why the product doesn't have to be certified.

• Are you willing to meet future regulations? The vendor should be willing to comply with future regulatory changes -- and, ideally, at no extra charge to you. "I hear from vendors all the time, 'No. We don't know what we don't know.' If they say they don't know, don't sign a contract," counseled Fox. "You don't want a vendor who is going to be hesitant to comply with [the regulations]."Also, to protect your investment, ask if the vendor will refund any money you have paid if it is unable or unwilling to achieve future compliance and/or certification. "The only way to ensure [compliance with future regulations] is to provide iron-clad language in the contract with the vendor," Fox shares with Eli.

Bottom line: "You need it in black and white that they will take all necessary steps to comply with future requirements. If not, it's worthless. It doesn't make sense to have a product that is not qualified or certified," Fox asserted.

The stimulus bill ushers in an era of unprecedented accountability in healthcare information management, and you'll want to make sure your vendors are shouldering their share.

Ensure your HIT vendors:

• Prioritize privacy and confidentiality when designing and maintaining their systems.

• Accept full liability for their own errors, including hardware and software problems.

• Don't ask you for indemnification. "I've read contracts that say the vendor is not liable even if they are negligent,"shared Fox. "Tell vendors to stop asking you to indemnify them for their own mistakes."

• Increase contractual limitations of liability and broaden provisions for damages that they cause.